From c82c621a7cb34f3eda6302072f94c6e2766d7f2f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?toni=20=28=EC=9D=B4=EC=86=8C=EC=9D=80=29?=
 <144209738+saokiritoni@users.noreply.github.com>
Date: Tue, 3 Dec 2024 16:03:25 +0900
Subject: [PATCH] =?UTF-8?q?Fix:=20=EC=97=90=EB=9F=AC=20=EC=B2=98=EB=A6=AC?=
 =?UTF-8?q?=20=EC=B6=94=EA=B0=80?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../domain/portfolio/service/PortfolioService.java | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/src/main/java/dongguk/osori/domain/portfolio/service/PortfolioService.java b/src/main/java/dongguk/osori/domain/portfolio/service/PortfolioService.java
index ce9a489..7a2a6d6 100644
--- a/src/main/java/dongguk/osori/domain/portfolio/service/PortfolioService.java
+++ b/src/main/java/dongguk/osori/domain/portfolio/service/PortfolioService.java
@@ -29,7 +29,7 @@ public class PortfolioService {
     @Transactional
     public PortfolioDetailDto createPortfolio(Long userId, PortfolioRequestDto requestDto) {
         User user = userRepository.findById(userId)
-                .orElseThrow(() -> new IllegalArgumentException("User not found with ID: " + userId));
+                .orElseThrow(() -> new CustomException(ErrorCode.USER_NOT_FOUND));
 
         Experience experience = new Experience(
                 requestDto.getExperience().getSituation(),
@@ -82,7 +82,11 @@ public PortfolioDetailDto getPortfolioDetail(Long userId, Long portfolioId) {
     @Transactional
     public PortfolioDetailDto updatePortfolio(Long userId, Long portfolioId, PortfolioRequestDto requestDto) {
         Portfolio portfolio = portfolioRepository.findPortfolioWithDetails(portfolioId, userId)
-                .orElseThrow(() -> new IllegalArgumentException("Portfolio not found or access denied for ID: " + portfolioId));
+                .orElseThrow(() -> new CustomException(ErrorCode.PORTFOLIO_NOT_FOUND));
+
+        if (!portfolio.getUser().getUserId().equals(userId)) {
+            throw new CustomException(ErrorCode.PORTFOLIO_ACCESS_FORBIDDEN);
+        }
 
         portfolio.update(
                 requestDto.getName(),
@@ -112,7 +116,11 @@ public PortfolioDetailDto updatePortfolio(Long userId, Long portfolioId, Portfol
     @Transactional
     public void deletePortfolio(Long userId, Long portfolioId) {
         Portfolio portfolio = portfolioRepository.findPortfolioWithDetails(portfolioId, userId)
-                .orElseThrow(() -> new IllegalArgumentException("Portfolio not found or access denied for ID: " + portfolioId));
+                .orElseThrow(() -> new CustomException(ErrorCode.PORTFOLIO_NOT_FOUND));
+
+        if (!portfolio.getUser().getUserId().equals(userId)) {
+            throw new CustomException(ErrorCode.PORTFOLIO_ACCESS_FORBIDDEN);
+        }
 
         portfolioRepository.delete(portfolio);
     }